CVE-2025-62241

EPSS 0.04%
Veröffentlicht 13.10.2025 19:32:15
Zuletzt bearbeitet 12.11.2025 16:22:40
Quelle security@liferay.com
CVE-Watchlists
Login
Unerledigt
Login

Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authenticated users to from one virtual instance to view the shipment addresses of different virtual instance via the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Liferay ≫ Digital Experience Platform Version2023.q4.1

Liferay ≫ Digital Experience Platform Version2023.q4.2

Liferay ≫ Digital Experience Platform Version2023.q4.3

Liferay ≫ Digital Experience Platform Version2023.q4.4

Liferay ≫ Digital Experience Platform Version2023.q4.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.121

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security@liferay.com	5.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-639 Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2025-62241

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-62241

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-62241

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-62241

EUVD